Candidate: CVE-2011-3358
PublicDate: 2011-09-21 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3358
 http://www.mantisbt.org/bugs/view.php?id=13281
 http://www.openwall.com/lists/oss-security/2011/09/04/1
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before
 1.2.8 allow remote attackers to inject arbitrary web script or HTML via
 the (1) os, (2) os_build, or (3) platform parameter to (a)
 bug_report_page.php or (b) bug_update_advanced_page.php, related to use of
 the Projax library.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297
 https://bugs.launchpad.net/bugs/848124
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mantis:
upstream_mantis: released (1.2.8-1)
hardy_mantis: ignored (reached end-of-life)
lucid_mantis: ignored (reached end-of-life)
maverick_mantis: ignored (reached end-of-life)
natty_mantis: released (1.1.8+dfsg-10squeeze2)
oneiric_mantis: released (1.2.8-1)
precise_mantis: released (1.2.8-1)
quantal_mantis: released (1.2.8-1)
raring_mantis: released (1.2.8-1)
saucy_mantis: released (1.2.8-1)
devel_mantis: DNE